Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1892

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1892
Last Modified 01 Apr 2015 12:27:36
Published 31 Mar 2015 10:00:32
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1892

Summary

The Multicast DNS (mDNS) responder in IBM Security Access Manager for Web 7.x before 7.0.0 FP12 and 8.x before 8.0.1 FP1 inadvertently responds to unicast queries with source addresses that are not link-local, which allows remote attackers to cause a denial of service (traffic amplification) or obtain potentially sensitive information via port-5353 UDP packets.

Vulnerable Systems

Operating System

  • Ibm Security Access Manager For Web 7.0 Firmware 7.0.0.11

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.1

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.2

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.3

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.4

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.0.5

  • Ibm Security Access Manager For Web 8.0 Firmware 8.0.1.0


References

CERT-VN - VU#550620

CONFIRM - http://www-01.ibm.com/support/docview.wss?uid=swg21699497

AIXAPAR - IV70913

AIXAPAR - IV70911


Last Updated: 27 May 2016 11:08:16